My board has a custom php file at webroot which is called to generate a signed url for viewing video on AWS. In 3.1 we used session management sort of like below but this doesn't seem to work in 3.2.2.

Thanks kinerity. Oops, typo in the copy/paste to the forum. The closing quote is fixed.

So if I try to access the php file directly when not logged in, it works correctly and does not allow access. But it also does not allow access if I am logged in. I added an echo to see who it thinks I am when logged in

I added another echo and username is reported as ANONYMOUS but user_id is 1.

"username: Anonymous END user_id= 1 END access denied"

This is odd because I am logged in, as the site admin. If I don't test for logged in user, the signed url is generated correctly, so I don't think there's a problem there. It really seems like I don't have session management working correctly. Here's the entire php file.

Thanks Brf. I fixed the one occurrence but it was in the elseif which isn't getting called because the prior if is succeeding when it shouldn't be. I thought I read that the Anonymous user is supposed to be -1? How can username be Anonymous but user_id be 1?

"username: Anonymous END user_id: 1 END access denied"
(BTW, the " END" in these echo statements is to help me when looking at apache output that's url escaped with %s everywhere.)

This is working under 3.1.6. A diff between this php file in the 3.2.2 site and the one in the working 3.1.6 site is only the pem file location. I'm testing AWS LightSail for hosting and their directory structure is a little different. Is there some other way to test if I have session management working properly, or determine if there's been a change in the way this is handled in 3.2.2?

I've done some searching on append_sid and I'm not sure how to use it in my situation. Can I ask for some additional pointers? Here's a recap of the setup and previous posts.

/styles/prosilver/templates/overall_header.html includes 2 script lines: jquery and aws.js
aws.js makes an ajax call to aws.php to generate a signed url and insert it into the video src tag
aws.php runs the session management and tests if the user is logged in. It always returns that it's the Anonymous user.

Where would append_sid go?

Or, maybe there's a better, easier way to generate and insert the signed url into the video tag?

I am not sure what you are trying to accomplish by calling this little php file. Why not simply create a little extension to generate it within phpBB? Also, since your code is in the header template, you could simply use the phpBB S_USER_LOGGED_IN or whatever that flag is.